Hi HN! I’m the founder of WorkOS (https://workos.com).
We provide a developer API for making your app enterprise-ready. You can quickly add features including SSO/SAML, Directory Sync (SCIM), Audit Logs, and more.
I fully appreciate how difficult this is to do, but I think it would be immensely useful if WorkOS provided the docs that I (the SAML SP, your customer) provide to my customers who are setting up SAML (as an IdP) on their end.
Congrats on the launch, Michael. Been experiencing the same - after conducting demos of our application, we've been told that we aren't enterprise-ready and so we've gone away to figure out what that looks like. I've got extensive experience in the enterprise space having worked in banking tech for a few years so happy to help. Currently, we're building an AI performance management platform for enterprises and so could leverage WorkOS to accelerate our go-to-market. How do you compare to Replicated (https://www.replicated.com/)?
Very minor, really, but did you consider tiers something like Developer/Startup/Corporate, rather than Free/Developer/Corporate?
One issue with Enterprise Software that I've experienced is that all subcontractors are scrutinised and have to be listed in contracts, clients have to be notified/approve changes etc.
> "You can quickly add features including SSO/SAML, Directory Sync (SCIM), Audit Logs, and more."
Slightly off-topic complaint: I really wish these features weren't considered "Enterprise" by so many people. Do you have a company that uses third party tools and has employees that leave? Congrats, you're an "enterprise" and need the "enterprise" plan.
I used to share that sentiment but now having worked on the other side and been involved in too many pricing discussions, segmenting is _hard_. Generous free and credit card plans are often subsidized by enterprise contracts and you gotta have some features to make people want to pay for those enterprise plans. SSO/SCIM/Audit logs are great for that because big companies _really_ care while most SMBs don't have an IdP and SME are usually fine forgoing it if they can save a buck or two.
I've had the same thought/idea myself. There's so much more this can branch into if you want.
Looks nice indeed @grinich! Excuse the naive question but: what's the difference between WorkOS and software such as amplitude or mixpanel for audit trail logs?
A slightly offtopic question. Besides older systems/older systems integration is there any reason to have SAML based SSO?
We're currently in the middle of our SOC-2 Type 2 observation period and should have that certification in Q2.
Similar and different in some ways. Our SSO is free, which makes it a lot more accessible to startups and companies just beginning to go up-market.
Really nice and clean website, I love the simplicity. It's a small thing but I would avoid black CTA in the project. Using colors could increase interaction with design ;)
Maybe you would like to also introduce your tool to our audience on Owwly (https://owwly.com)? I think you can find there some potential users.
grinich | 6 years ago
WorkOS is “Plaid for enterprise IT systems.”
I learned about these enterprise requirements the hard way. Previously, I founded Nylas where we built an email app called Nylas Mail. We couldn’t monetize that app and shut it down (RIP) and the main reason was that we couldn’t sell it to enterprise because it was missing features.
Here’s a short Twitter thread with more info about WorkOS: https://twitter.com/grinich/status/1239943470271188992
Best place to start is with the docs: http://docs.workos.com/
Would love to get your feedback, questions, and ideas. Thanks! :)
ucarion | 6 years ago
One of the biggest pain points I've experienced with SAML is that people come to me asking for help, but only understanding their IdP; the only IdP I know how to use is Okta, and I don't have access to their IdP to test with.
I'd love it if WorkOS could give me documentation that I can give to my customers about how they can set up Okta/Azure ADFS/whatever with my product. I can edit those docs to account for idiosyncratic stuff my product does (e.g. requiring a particular SAML user attribute or format for user IDs).
Aside: the support burden of SAML is a big part of why the sso.tax exists. Nobody on the SP or IdP end knows how to set this stuff up!
tixocloud | 6 years ago
OJFord | 6 years ago
I just think surely every user (of yours) is a de facto developer, and really if that's all they are they only need the 'Free' tier until they start selling something (i.e. it's a business of some kind) and need the support.
Other words: (for free) MVP, Prototype, Concept; (for middle tier) Business, Starter.
But it looks nice, bookmarked as a 'solution I'd like to have the problem for' ;)
orestis | 6 years ago
I would love to pay you money but run this somehow under AWS (Marketplace?) so that I don't have to request signatures from all our clients.
The issue, AFAICT, is all about who has access to personal data and where that data is hosted (jurisdiction wise).
dfsegoat | 6 years ago
This is great. Congrats.
I work in a regulated industry (Life sciences/pharma) and all of these are challenges we've had to tackle as one-offs for our SaaS, so I could appreciate this bundled/bootstrapped approach.
bigbossman | 6 years ago
oron | 6 years ago
cordite | 6 years ago
mdeeks | 6 years ago
I dream of the day that these features (SSO, Sync/SCIM, auditing) are considered table stakes.
I hope WorkOS takes off and drives that.
P.S. RIP Nylus
realityking | 6 years ago
xellisx | 6 years ago
cercatrova | 6 years ago
gramakri | 6 years ago
You mean Nylas?
dmarlow | 6 years ago
It looks like this is very targeted towards the SMB space. I'm wondering if you could adjust your pricing and features to help modernize & consolidate some of the overlap at larger businesses in general.
grinich | 6 years ago
edelans | 6 years ago
From what I understand, you have to declare events as you would do with analytics software. And your docs don't say how you make the audit trail available to the customers. If I have to do the proxy myself, then I really do not see the difference with an analytics software.
dathinab | 6 years ago
It always seemed to me that if you do not have to support SAML for some older systems the get to go solution is to use an OAuth2 based solution like OpenID Connect.
tylerrobinson | 6 years ago
hashamali | 6 years ago
grinich | 6 years ago
teddyh | 6 years ago
unknown | 6 years ago
[deleted]
aktive0 | 6 years ago
grinich | 6 years ago
The company is barely 1 year old and the process of certification can be a bit slow. Other attestations including ISO/IEC 27001, 27017, and 27018 will come later.
We also have a lot of internal practices and policy for how we secure WorkOS while still allowing our engineering team to ship code incredibly fast. It involves separation of duties, hardware security keys (YubiKey), and lots of automation with alerting.
Hopefully we can write something public about it later this year. Many of the ideas came from Stripe's security team. (Thanks Angie! <3)
leetrout | 6 years ago
grinich | 6 years ago
We also provide a more generic abstraction than Auth0. They essentially "take over" your auth screens and show Auth0 UI. If you use WorkOS, it's not visible to your end-users and you can customize the sign-in experience however you want.
nick_urban | 6 years ago
stereobit | 6 years ago
grinich | 6 years ago
Wolfmother | 6 years ago